Besides Personal Information Protection Policy, the following provisions shall also be applied to the handling of personal information of persons residing in the European Economic Area (hereinafter referred to as the "EEA") based on the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive "95/46/EC". In the event that any provisions contradict those of Personal Information Protection Policy, the following provisions shall prevail.
(Processing Personal data)
"Personal data" means any data relating to an identified or identifiable natural person, When "you" or "your" are used in this statement, we are referring to the relevant individual who is the subject of the personal data.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Controller" means a legal person, etc. which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Processor" means a legal person, etc. which processes personal data on behalf of the Controller.
(2) Types of Personal Data to be Collected
JERA will collect, including but not limited to, the following types of personal data concerning
- (a) Name
- (b) Organization/Company name
- (c) Department name
- (d) Position
- (e) Address
- (f) Telephone numbers
- (g) Fax numbers
- (h) E-mail address
- (i) URL
(3) Purposes of Use of Personal Data
JERA will process your personal data for the following purposes:
- (a) To communicate with you about inquiries and requests.
- (b) For other matters incidental or related to JERA business operations.
JERA will process your personal data based on your consent within the scope of the above purposes of use; provided, however, that you may withdraw such consent at any time, which such withdrawal shall not affect any legitimate processing performed pursuant to the consent prior to the withdrawal. If JERA is to process your personal data for purposes other than the above, JERA will notify you in advance such new purposes of use and other matters as required by applicable laws.
JERA may require you to provide your personal data in connection with the provision of its services. In such a case that you do not provide your personal data, JERA may be unable to provide such services.
(4) Retention Period
JERA will retain your personal data to the extent JERA requires such data for achieving the purposes of use specified above.
(5) Third Party Transfer
- (a) Certain countries outside the EEA may not be furnished with the same level of data protection laws as the EEA. Thus, part of the rights granted to you within the EEA may not be available;
- (b) Your personal data may be provided and processed for the purposes specified above; and
- (c) Your personal data may be provided to third parties located in a country outside the EEA.
(6) Disclosure, Correction, and Other Procedures concerning Personal Data
You are entitled to the rights to access, request for correction, request for deletion, request to limit the processing, object to the processing, and request for data portability, with regards to the personal data retained by JERA pursuant to the provisions of relevant laws and regulations. Such requests shall be attended to the contact point set forth in "5. Contact" as per below.
JERA may refuse your request if it deems that there is no basis for such request or if it deems that the request is excessive.
You may file objections to the data protection authorities having jurisdiction over the location of your domicile with regards to the processing of your personal data by JERA.
(Security Control Measures)
In order to protect the personal data from unauthorized access and loss etc., taking into account the type of personal data, the degree of sensitivity and the severity of effects to you including economic influence and mental harm in case the personal data is unlawfully infringed, JERA has comprehensively evaluated and judged the risks of personal data infringement, and has implemented necessary and appropriate personal, organizational and technical security control measures in accordance with such the risk of personal data infringement. Further, JERA will review such security control measures as necessary, set up the process for taking corrective actions, and constantly make effort to improve its security.
If JERA, in its role as a Controller, contracts a Processor, JERA shall select a Processor which is capable of implementing appropriate technical and organizational measures and shall manage such Processor in an appropriate manner.
Pursuant to the GDPR, JERA shall prepare records of the processing of personal data.
JERA Co., Inc.
Address: Nihonbashi Takashimaya Mitsui Building 25th Floor 2-5-1 Nihonbashi, Chuo-ku, Tokyo 103-6125, Japan